Nordex NC2 XSS Vulnerability

Thursday, October 31, 2013 @ 05:10 PM gHale

There is a public report of a cross-site scripting (XSS) vulnerability affecting the Nordex Control 2 (NC2) application, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product, according to a report on ICS-CERT.

The vulnerability is exploitable through a specially crafted request that could execute arbitrary script code, according to the report, which was released without coordination with either the vendor or ICS-CERT.

ICS-CERT is attempting to contact the vendor to notify them of the report and will ask the vendor to confirm the vulnerability and identify mitigations. This alert is coming out to provide early notice of the public report and identify baseline mitigations for reducing risks from these and other cyber security attacks.

The report included vulnerability details and proof-of-concept (PoC) exploit code for the vulnerability.

ICS-CERT is aware of a report on OSVDB.com (an open-source vulnerability database Website) outlining the XSS vulnerability that may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server.

Independent researcher Darius Freamon originally published his findings on his blog, and they were reported on OSVDB on October 18. No specific PoC code is required, as the vulnerability affects data input to the username field of the HMI Web site.

This product works with all the Nordex wind turbine generators. The HMI monitors the status of the turbine and electrical production.

ICS-CERT is attempting to coordinate with Nordex and the security researcher to identify mitigations.